• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
Domain Industry & Internet News

Domain Industry & Internet News

Domain Name Industry News

  • Home
  • About
  • Archives
  • Submit News
  • Comment Policy
  • Privacy Policy
  • Advertise Hosting & Domain Industry Jobs
You are here: Home / icann / Art. 29 Data Protection Working Party To ICANN – Maybe You’re Hard Of Hearing?

Art. 29 Data Protection Working Party To ICANN – Maybe You’re Hard Of Hearing?

January 28, 2014 by Michele Neylon

eu-justice-logoICANN has been sent another letter by the Article 29 Data Protection Working Party. However it still isn’t on ICANN’s correspondence page – I  found it on the Article 29 Data Protection Working Party’s site.

The letter, which was signed by all 28 members and represents the legal position of all 28 member states of the European Union, is diplomatic, but pretty clear.

Short version: We already told you what we think, why are you asking us to repeat it?

The letter revisits and underlines points that the group had raised in previous letters to ICANN:

The 2013 RAA approved by the ICANN Board on 27 June 2013 however does not contain any material changes which address the concerns described in our letter of 6 June 2013 and thus the Working Party is compelled to continue this discussion.

In other words, ICANN appears to be ignoring them.. not good for ICANN..

And while ICANN might be struggling with the concept of “jurisdiction” the Article 29 guys definitely don’t (emphasis added):

Each Registrar operating within the Member States of the European Union is subject to the European Data Protection Directive 95/46/EC6 and therefore each Waiver Request could be considered by ICANN as an identical request rather than process each individually.

The key bit of the Directive as it relates to all this is the text of Article 6(e) of the European Data Protection Directive 95/46/EC, which is all about retention periods:

kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected

ICANN wants registrars to retain the data for two years after the registration has lapsed, or the domain has moved to another registrar. That’s not compatible with the Directive.

While ICANN’s legal team might like to argue that a Directive will be implemented (or transposed) differently into each national law, that’s not entirely true, as Article 6(e) is a key tenet of the Directive.

Under Irish law, for example, the Directive is transposed under the Data Protection (Amendment) Act 2003, which updated the previous legislation from 1988. You can see the full text of the updated law here.

The wording in the Irish law is almost identical to that in the Directive:

Article 4 (e). preserved in a form which permits identification of the data subjects for no longer than is required for the purpose for which those data are stored

And very similar wording was used in the French legislation OVH referenced in their recent request to ICANN for a waiver.

But ICANN’s understanding of who or what the Article 29 group is may have been part of the problem. So in this letter they’ve taken pains to clarify exactly who they are:

The Article 29 Working Party on the Protection of Individuals with regard to the Processing of Personal Data is an independent advisory body on data protection, set up under Article 29 of the EU Data Protection Directive 95/46/EC. The Chair of the Working Party is elected by its members, representatives from each of the national data protection authorities of the EU Member States and the European Data Protection Supervisor. The Article 29 Working Party is competent to examine any question covering the application of the data protection Directives in order to contribute to the uniform application of the Directives. However, for the avoidance of doubt I can confirm that each of the Data Protection Commissioners in the 28 EU member states was either represented at the meeting of the Working Party on 4 December 2013 and independently endorsed the contents of this letter, confirming that it reflects the legal position in their member state or has been contacted following the meeting on 4 December 2013 and had so confirmed.

Will this latest letter make any difference?

Here’s the full letter

[spiderpowa-pdf src=”https://www.internetnews.me/wp-content/uploads/2014/01/20140108_letter_icann.pdf”]08/01/2014 Letter from the Article 29 Working Party to ICANN

 

Related articles
  • First European registrar to get Whois data opt-out (domainincite.com)
  • It’s Time for Privacy Progress in ICANN (circleid.com)
  • ICANN makes progress on data retention waivers for domain name registrars (domainnamewire.com)

Filed Under: icann, privacy, registrants, registrars Tagged With: Article 29 Working Party, Directive, European Union, Generic top-level domain, icann, ovh

About Michele Neylon

Michele is founder and managing director of Irish domain registrar and hosting company Blacknight. Michele has been deeply involved in domain and internet policy discussions for more than a decade.
He also co-hosts the Technology.ie podcast.

Reader Interactions

Comments

  1. Emily Taylor says

    January 29, 2014 at 5:38 pm

    Hi Michele. Good catch. I also came across this letter by accident the other day on the Art 29 WG’s website while looking for something else.

    It’s pretty unambiguous stuff, and clearly all registrars who operate within the data protection environment need some clarity about how to comply with their national laws (and as the Art 29 WG said – it’s our job to know this stuff, and this *is* the law in every member state).

    Data Retention and the obligation to destroy under Data Protection are often difficult to reconcile. The RAA provision would seem particularly problematic for registrars based in Germany (I think there may be one or two 😉 ).The Commission took Germany to the ECJ in May 2012 for failure to implement the Directive. Germany adopted it in 2008, but the adoption was annulled by the German Constitutional Court in 2010 (1 Bv4 256/08, 1 BvR 263/08, 1 BvR 586/08). Same thing happened in Romania.

    So, for registrars in those jurisdictions, they are not even going to have even the partial protection of data retention laws.

Primary Sidebar

Recent Articles

ICANN’s Cancún Meeting Was Almost Normal

Middle East DNS Forum to be Held in Istanbul

Gandi Merges with TWS to Form “Your.Online”

Anguilla Offline due to Fibre Issue

IGF 2023 to be Held in Kyoto, Japan

Recent Comments

  • ICANN Gets First Female CEO on Centralnic Head Honcho Announces Immediate Retirement
  • Kieren McCarthy Elected to Nominet Board on Nominet Election Candidates 2022 Finally Announced
  • Michele Neylon on Nominet Taking RDAP Out of Beta
  • Gavin Brown on Nominet Taking RDAP Out of Beta
  • ICANN Heading to Hamburg (ICANN78) and Los Angeles (GDD) Plus Training For African Registries - Goldstein Report on ICANN Announces GDD Summit Dates & Location

Categories

Blogroll

  • Alex Bligh
  • Circle ID
  • Domain Incite
  • Domain Name News
  • Domain Name Wire
  • Jason Thompson

Blogs

  • Domain Gang
  • Stéphane Bortzmeyer

Archives

Recent Comments

  • ICANN Gets First Female CEO on Centralnic Head Honcho Announces Immediate Retirement
  • Kieren McCarthy Elected to Nominet Board on Nominet Election Candidates 2022 Finally Announced
  • Michele Neylon on Nominet Taking RDAP Out of Beta
  • Gavin Brown on Nominet Taking RDAP Out of Beta
  • ICANN Heading to Hamburg (ICANN78) and Los Angeles (GDD) Plus Training For African Registries - Goldstein Report on ICANN Announces GDD Summit Dates & Location

Categories

Blogroll

  • Alex Bligh
  • Circle ID
  • Domain Incite
  • Domain Name News
  • Domain Name Wire
  • Jason Thompson
  • Nigel Roberts

Blogs

  • Domain Gang
  • Stéphane Bortzmeyer

Copyright © 2023 InternetNews.me